I occasionally see people ask why we're calling it TLS 1.3 when so much has
changed, and I used to simply think that it was too bikesheddy to bother
changing at this point. However, now that we've redone negotiation, we have new
TLS 1.3+ only cipher suites. The old are not compatible with the new (new
codepoints needed for old ciphers) and the new are not backwards compatible
with the old (they'll just be ignored). We actually risk misconfiguration in
the future if the distinction isn't made clear. I think it's time we just
renamed TLS 1.3 to TLS 2.0. There are major changes, so labeling it a major
version seems more appropriate.
Note that contrary to what some people seem to think, version numbers are not
completely without meaning. To someone who doesn't really know/care that much
what TLS is, making sure to use the latest major version of a security protocol
carries more weight than a minor version. It also makes it clear that there are
new features here (e.g. 0-RTT). There's some de facto standardization in
versioning which does carry some useful information. We're not just dealing
with programmers here; this stuff needs to be clear for managers and
non-professionals. If we want to get everyone upgraded eventually, messaging is
important.
Specific proposed changes:
* Mass rename TLS 1.3 to TLS 2.0 in all places (or TLS 2)
* Keep the version ID as { 3, 4 } (already weird counting; changing risks more
intolerance)
* Rename the new cipher suites to have a "TLS2_" prefix to be less confusing
for the registry & end configuration
* Add a sentence noting the development history here, and that all documents
that refer to TLS 1.3 refer to TLS 2.0 (e.g. HTTP/2)
This is a relatively simple set of changes to make that I think can be
beneficial in the long run, and is essentially just editorial. Rebranding might
not be something everyone really wants to bother with, but if we expect this to
be in use for a decade or more (whether we like it or not), we should probably
make sure to be as clear as possible at the start.
Dave
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
